By Stormi O'Donnell
SecureWorld Media
Update:
When it comes to state-sponsored hackers, Russia is a name that constantly comes up. A recent report revealed that Russian hackers have had access to U.S. critical infrastructure for years. The report said that threat was considered "low-level" because Russia wouldn't launch a cyber-attack unless it was involved in some kind of conflict with the U.S. Well, fast forward a few days and now Russian hackers are being blamed for cyber-attacks on air traffic control infrastructure in Sweden. The alleged attack happened in 2015, and Russia has been blamed for numerous attacks in almost every Baltic state.
I'm not an international cyber-defense expert, but how could this be considered a low-level threat? Russian state-sponsored hackers have access to our critical infrastructure, and the country is currently (and has been) launching cyber-attacks on critical infrastructure in several other countries. Is this not a red flag? The U.S. government currently ranks last in cybersecurity out of 17 other private industries. Is that a red flag?
If you need more evidence of problems, another report that came out this week revealed that the Nuclear Regulatory Commission is working to beef up regulations (there are currently none when it comes to cybersecurity). Sounds good, right? The problem is that the regulations won't be passed for another two years. How does the government expect to keep up in a threat landscape that constantly changes? It takes them years to set new regulations. Cybersecurity is not something that can wait, and until lawmakers figure that out, the government will stay dead last on the cybersecurity rankings.
Original Report:
What will it take before we get serious about securing critical infrastructure? A new report from the Department of Homeland Security highlights the seriousness of criminals targeting critical infrastructure, specifically the energy sector. The report somewhat (that's being polite) downplays the threats, but if you dig into the details it quickly becomes apparent that the threats and attacks should not be taken lightly.
Let's break down this portion of the report. First, the report states that the threat of a damaging cyber-attack on the U.S. energy sector is low. Good news, right? Not so fast. The report then states that attackers targeting integrated control solutions (ICS) are introducing malware into systems, and most attackers are "probably" focused on gaining and maintaining access to critical infrastructure. Furthermore, the report states that these attacks are state-sponsored, but not to worry because the cyber-spies "probably" wouldn't launch a "damaging or disruptive" attack unless their country was involved in a conflict with the U.S.
So, at least 17 times, hackers were able to gain access to U.S. energy systems? Don't worry, though: they didn't cause any damage. Instead, they just stole data and maintained a presence on integrated control systems. While no physical damage was done, does this sound like something that should be considered a low-level threat? I'll let you be the judge.
The Industrial Control Systems Cyber Emergency Response Team found an ongoing malware campaign in late 2014 that apparently started in 2011. Researchers believe that state-sponsored Russian hackers were to blame for the 3-year attack.
So, the U.S. has criminals stealing data and planting malware on critical infrastructure, but researchers believe the threat of a damaging or disruptive attack on the U.S. energy sector remains low. Data usually speaks for itself, and this case is no different. This report brings more questions than answers. What constitutes a moderate threat?